(Hi, Roger!) The attempts here look an awful lot like the "SAML in
a technical nutshell" slide (#2) from my SAML Basics set:
http://www.oasis-open.org/committees/download.php/12958/SAMLV2.0-basics.pdf
SAML in a technical nutshell:
- XML-based framework for marshaling security and identity
  information and exchanging it across domain boundaries
  . Wraps existing security technologies rather than inventing new ones
  . Its profiles offer interop for a variety of use cases, but you
    can extend and profile it further
- At SAML's core: assertions about subjects
  . Assertions contain statements: authentication, attribute,
    entitlement, or roll-your-own
====
If you're ascending a really tall building, you could try slide #3
(originally stolen from Prateek's slides, I think):
====
Key use cases covered by SAML out-of-the-box
- Single sign-on
  . Using standard browsers
  . Using enhanced HTTP clients (such as handheld devices) that
    know how to interact with IdPs but are not SOAP-aware
- Identity federation
  . Using a well-known name or attribute
  . For anonymous users by means of attributes
  . Using a privacy-preserving pseudonym
- Attribute services
  . Getting attributes that can be interpreted according to several
    common attribute/directory technologies
- Single logout
====
Other favorites are the graphic from slide #9 and the (now classic
and frequently copied :-) ) slide #14...
Eve
Costello, Roger L. wrote:
> Hi Folks,
>
> I am trying to boil down SAML to its essence. Below is what I’ve come
> up with.
>
> *SAML Elevator Speech*
>
> A service provider can ask an authority one of these questions:
>
> 1. Have you authenticated this ____ subject?
> 2. For this ____ subject, what are his values for these ____ attributes?
> 3. Should this ____ subject be allowed to take these ____ actions on
>    this ____ resource?
>
> An authority can make these statements (assertions):
>
> 1. This ____ subject was authenticated on this ____ datetime, using
>    this ____ mechanism.
> 2. This ____ subject has this ____ value for this ____ attribute.
> 3. For this ____ subject, taking this ____ action on this ____
>    resource, the decision is ____.
>
> Is this an accurate assessment of what you can do with SAML? Is it
> complete? /Roger
--
Eve Maler +1 425 947 4522
Technology Director eve.maler @ sun.com
CTO Business Alliances group Sun Microsystems, Inc.